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METHOD OF AUTHENTICATING A TAG 

Field of the Invention 

The invention relates to a method of authenticating a device, tag, label, or 
similar item, and in one embodiment to a method of ciyptographically verifying a tag 
of a matched component system so that hardware that is part of the matched component 
system will only interrogate tags that are authenticated as part of the matched 
component system. 

Background of the Invention 

Encryption has been used for many years to make information secure against 
the efforts of those who should not have access to that information. Information is first 
encoded by a first authorized user, and then decoded by a second authorized user to 
obtain access to the information. An example of simple encryption would be to equate 
a unique number with each letter of the alphabet, and then to represent the information 
of interest using those numbers, instead of letters. A person who knows the encryption 
algorithm (the substitution of a unique number for each letter) could then decode the 
information to obtain access to it. This type of simple encryption is easily broken 
however, and thus is not very secure. 

Other more sophisticated forms of encryption have been used, particularly in 
modem times, to secure information that is to be electronically transferred from one 
authorized user to another. For example, it is often desirable to transmit private 
information such as a message, credit card number, or the like over the Internet, and 
thus to encrypt that information in a suitably secure manner. A suitable type of 
encryption for these purposes is the "public/private key" enoyption technique that is 
desoibed in common texts and patents on encryption. 

The patent literature includes a number of references related to the uses of 
encryption for tracking manufactured articles, or for performing article authentication. 
See, for example, European Patent Application 0 710 934 A2, entitled '"Methods and 
Systems for Performing Article Authentication''; European Patent Application 0 889 
448 A2, entitled "Method of Preventing Counterfeiting of Articles of Manufacture"; 
and U.S. Patent No. 5,768,384, entitled ''System for Identifying, Authenticating and 
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Tracking Manufectured Articles." The methods described in these and other references 
are not, however, suitable for use with tags as a means of authentication, as described 
below with reference to the present invention. 



Summary of the Invention 

Tags or labels containing information about an article can be provided as part of 
a matched component system along with the hardware used to read, scan, or interrogate 
those tags or labels. Examples of such systems include bar code labels (or printing 
equipment) and scanners, tod radio frequency identification (RFBD) tags and RFID 
interrogators. One reason to encourage the use of matched component systems is to 
enable the system to avoid interrogating tags belonging to another system. Thus, error 
messages may be reduced, and it may be possible to use two or more systems to 
identify various materials in the same location. Another reason is related to the product 
or system warranties. That is, manufacturers often warrant their products for a given 
period or to peiform a given function only if they are used witii other components with 
which they have been repeatedly tested by the manufacturer, but offer no warranty or a 
reduced warranty if they are not. In the case of a matched component system of the 
^e described herein, a system provider may warrant the operation of the ^stem if a 
tag interro^ttor is used in conjunction with authentic tags, but not othowise. 
Specifically, a system provider may warrant the operation of an RFID system when that 
provider sells the RHD tags, and also sells the equipment used to write information to, 
and/or read information from, those tags. 

The authentication method described ho'ein enables a system or uso* to 
autiienticate, for example, radio frequency identification (RFID) tags by providing an 
RFID tag having a stored security block that is cryptographically related to the tag 
address, obtaining the tag address from the tag, applying a cryptogr^hic 
transformation to at least the tag address and a private data set to obtain a security 
block, and then comparing that security block to the stored security block. If the two 
security blocks match, then the tag can be presumed to be autiientic. Alternatively, tiie 
stored security block can be cryptographically transformed using at least a private data 
s^ to obtain a tag address, and that tag address can then be compared witii the stored 
tag address. If the two tag addresses match, then the tag can be presumed to be 
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authentic. Also described is an RFID tag for use with the present invention^ The 
invention finds particularly useful application in the interrogation by portable or 
stationary RFID interrogators of KFID tags placed in library materials^ such as books. 

5 Brief Description of the Drawings 

The present invention is described in greater detail with reference to the 
appended Figures, in which: 

Figure 1 is a process diagram illustrating one embodiment of the inventive 
method for providing a tag with a security block that is a cryptographic transformation 

1 0 of the tag address; 

Figure 2 is a process diagram illustrating one embodiment of the inventive 
method for authenticating a tag by field encryption and comparison; 

Figure 3 is a process diagram illustrating one embodiment of the inventive 
method for authenticating a tag by field decryption and comparison; and 
1 5 Figure 4 is a schematic diagram of an RFID tag in accordance with the present 

invention. 

Detailed Description of the Invention 

20 I. Overview 

In simple terms, a preferred method of authenticating an RFID tag according to 
the present invention involves the following steps. First, a tag address that identifies 
the tag is obtained from the memory of the tag. Second, the tag address and a private 
data set, and optionally a public data set, are ciyptographically transformed to provide a 

25 security block that is stored in the memory of the tag. Third, when it is desired to 

authenticate the tag, the tag address is again obtained and, along with the data set(s) is 
cryptographically transformed to provide a security block that is compared with the 
stored security block. Or, alternatively, the security block is cryptographically 
transformed, using the inverse of the original transformation, including appropriate data 

30 set(sX to obtain a tag address that is compared to the stored tag address. Fourth, if the 
two security blocks (or tag addresses, depending on which process was used) are the 
same, then the tag is authentic. If not, the tag is not authentic. 
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These steps, and other features, variations, and embodiments of the present 
invention are described in greater detail below. Although the invention is desoibed in 
terms of an RFID system, other systems in which information can be read from and 
written to a tag (preferably electronically) are also within the scope of the present 
invention. 



n The Tag 

An RFID tag suitable for use in conjunction with the present invention is 
described in PCT Publication 99/65006 entitled 'Identification Tag With Enhanced 

10 Security/' the rights to ^ch are assigned to the assignee of the present invention. As 
shown in Figure 4, RFID tag 10 generally includes an antenna 12 connected to a 
memory device 14 such as an integrated circuit (IC). The tag may include a power 
source, such as a battery or capacitor, or may be powered solely by the RFID 
interrogator such that it receives both energy and information in the form of radio 

15 waves from the RFID interrogator The tag may be provided with adhesive (typically 
pressure sensitive adhesive) so that it may be adhered to, for example, a library book. 
It will be appreciated by those skilled in the art that Figure 4 represents only one of the 
many embodiments of geometry and antenna design suitable for use in an RFID tag. 

20 A commercial example of a suitable RFID tag is one available from the Texas 

Instruments Company of Dallas, Texas, under the designation "TIRIS Tag-it." The 
Tag-it brand RFID tag includes a first memory storage area that stores unalterable data 
(r^ired to as ''permanent tag memory"), such as unique unalterable data identifying 
that specific tag (referred to herein as the 'tag address'*), and a second memory storage 

25 area that stores variable information provided by a user (referred to herein as "variable 
tag memory"). Current Tag-it brand RFID tags include 256 bits of variable tag 
memory, although more memory is likely to become available on that and other RFID 
tags in the fiiture. The Tag-it brand RFID tag operates at a 13.56 MHz conmiunication 
frequency, although tags and interrogators that operate at other frequencies may be 

30 used instead. Tag-it brand RFID tag systems may also be used with Windows- 
compatible software available from Texas Instruments to simplify the use of Tag-it 
brand RFID tags and equipment. 
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A Permanent Tag Memory 

It is preferred that the tag address is stored in the permanent tag memory. It is 
also preferred that this tag address be unique to insure that it is possible to identify and 
address a specific tag during use. This tag address might, for example, be 32 bits long, 
allowing over 4 billion unique addresses. Typically this tag address is programmed 
into the tag during manu&cture and ''factory locked" so that it cannot be changed later. 
A tag address may include information stored in both the permanent tag memory and 
the variable tag memory, described below. 

B. Variable Tag Memory 

Variable tag memory, subject to any applicable restrictions on the amount of 
memory available, may be used to store information about the manufacturer of the tag 
or the tag itself (such as when and where the tag was made), and/or about the article to 
which the tag is attached or to be attached. For example, where the RFID tag will be 
attached to a library book or other material, the title, author, call number, checkout 
status, and usage statistics associated with that book may be stored in the variable tag 
memory. Other information that may be stored in the variable tag memory includes the 
name of the library that owns the book or material, the specific library branch from 
which it was borrowed, the appropriate location (such as the specific shelf location) for 
the book or material, type of item (book, CD, video tape), and the like. 

A portion of the variable tag memory may be locked, so that it cannot be 
inadvertently modified. For example, the data on a tag associated with an item 
belonging to a library can thereby be protected from accidental modification by an 
RFID-based airline baggage handling system or other RFID writer. The locking 
procedure differs among RFID tag suppliers. In the case of the Texas Instruments Tag- 
it brand RFID tags, the smallest block of variable memory that can be locked in this 
manner is 32 bits, which may be used to store certain cryptographically transformed 
information in the manner described herein. 



in. Readers (Interrogation Sources^ and Writers (Programmers) 

RFID tags used in one embodiment of the invention are both readable and 
progranunable. That is^ the RFID tag can be read or interrogated by an interrogation 
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source to obtain some or all of the information stored in the variable tag memory of the 
tag for use or manipulation by a user, and can also be progranmied (written) with 
information provided by a system or user. Suitable RFID interrogation sources and 
RFID writers are comm^cially available from Texas Instruments of Dallas, Texas 
5 under the designation ''Commander 320." 

In one embodiment of the present invention, certain information is 
cryptographically transformed and written into a portion of the available variable tag 
memory by an RFID writer, and in use the tag is interrogated by an RFID reader that 
10 determines whether the tag is authentic, as described in greater detail below. RFID 
readers preferably can interrogate multiple RFID tags virtually simultaneously (the 
Commander 320 brand interrogation source currently is able to interrogate 30 RFID 
tags p& second), though this feature is not required. 

15 TV Encryption 

Before the tag can be authenticated, certain information is obtained from the tag 
and other information is stored on it. Specifically, the tag address is obtained from the 
tag, ciyptpgraphically transformed as described below, and the resulting security block 
is then stored on the tag. One exemplary process for providing a tag having a stored 

20 security block in accordance with the present invention is shown in Figure 1 . 

Step 100 is to read or interrogate the tag to obtain the tag address 102. The tag 
address is then concatenated with at least one data set, and preferably two data sets. If 
one data set is used, then that data set should be a private data set 106 that is not 

25 generally available to the public, but is stored in and used by the interrogation source. 
If two data sets are used, as exemplified in the remainder of this description, then one 
data set may be private and the other a public data set 104, as represented in Figure 1. 
The tag address and the data set(s) could be interleaved or otherwise scrambled (instead 
of being concatenated) if desired, though this is not believed to add significantly to the 

3 0 security or reliability of the system. 

The public and private data sets may consist of any string of characters and/or 
numbers, and can be human readable strings that are represented as binary data using 
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Standard methods such as ASCII, UTF-8 or Unicode. The public data set may be 
widely distributed or not, as desired. In other words, the public and private data sets 
are simply two data sets, which may have difTerent levels of secrecy imposed on them 
by the user. The data set(s), and particularly the private data set, is preferably a string of 
random characters and/or numbers, so that it is difficult or impossible to reverse 
engines the data sA from the cryptographically transformed information. To create the 
data set(s), a random or substantially random process may be used, such as a random 
number generator. 

The public or private data set may be subsumed within software used to create 
and authenticate the tags. The software, in general, will consist of machine language 
instructions, which are not readily intelligible to people and cannot be deciphered 
except by highly specialized individuals expending a great deal of time. Thus, the data 
set(s) will preferably be sufficiently difficult to locate within that software that it may 
be considered for all practical purposes to be private even when the software itself is 
widely distributed. The form of the public or private data sets may also be chosen to 
fecilitate legal protection under copyright, trade secr^ or other law, so that any 
unauthorized user of the data set(s) would also be infringing on a legally protected 
right. 

Although the tag address, the public data set, and the private data set may be of 
any desired length and content, by way of example the tag address may have, for 
example, 32 bits of information, the public data set may have at least 32 bytes of 
information, and the private data set may have at least 32 bytes of information. An 
exemplary tag address could be the hexadecimal value 0x012345678, and exemplary 
public data set may be the ASCII string "3M Radio Frequency Identification Systems,** 
and an exemplary private data set may be 

0x000 1E2882AC7B5C613FAF447170E90702957A5053C5C013D7235168E268DE99 
0. 

The tag address 102 and private data set 106, and optionally the public data set 
104, are then fed into a cryptographic transformation algorithm 108, such as a 
cryptographic hash algorithm, which transforms the data and outputs a message digest 



♦ 
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1 10 ot for example, 160 bits in length. Cryptographic transformations encompass both 
conventional reversible encryption such as the Data Encryption Standard (DES, which 
is also referred to as the Data Encryption Algorithm (DEA) by ANSI, and as the DEA-1 
by the ISO), and other related techniques such as the use of a one-way cryptographic 

5 hash such as the Secure Hash Algorithm 1, or SHAl. Examples of both types of 
algorithms along with detailed source code in the C programming language are 
mduding in the book A pplied Crvptogranhv. Pr otocols. Algorithms, and Source Code 
inC. by Bruce Schncier (John Wiley and Sons, Inc. 1996 (2d edition)) beginning at 
page 442. and in the Handbook o f Applied Crvptbgraohv. A. Menezes et al. (CRC 

10 Press 1997) beginning at page 348. Although other cryptographic algorithms such as 
DES-CBC-MAC and DES-DMAC may be used as the cryptographic transformation 
method of the present invention, cryptographic hash algorithms such as SHAl, MD5, 
and RIPEMD-160 are preferred because they provide a relatively high level of security 
against attempts to reverse-engineer the private data set when the message digest and 

15 the public data set are known, and also because they are readily available, easy to 

implement, and free of significant governmental restrictions on use. The source code 
associated with the SHAl described in the A pplied Crvptographv reference cited above 
is currently available on computer disc from Bruce Schneier, Counterpane Systems, 
7115 W. North Ave., Suite 16, Oak Park, IL 60302-1002. 

20 

I^ due to variable tag memory limitations, it is desirable not to store the entire 
message digest on the tag, then a specified portion of the message digest may be 
designated and stored in (written to) the variable tag memory of the KFID tag. This 
portion of the message digest is security block 1 12. Additionally, if it is desired to lock 

25 the security block in the variable tag memory against inadvertent aheration, as 

described above, then a lockable unit or block of the variable tag memory, perhaps 32 
bits, may determine the appropriate size of the security block of information from 
among the message digest which should be designated and stored in the variable tag 
memory. It may also or instead be desirable to store the message digest or the security 

30 block in the permanent tag memory, which would normally be done by or for the 
manufacturer of the tag. For convenience, the output of the cryptographic 
transformation (such as SHAl) will be referred to as the "message digest,*' and the 
entirety or portion of the message digest that is stored on the RFID tag will be referred 
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to as the "security block." Thus the security block 1 12 may be created by designating 
at least part of the message digest, and then written to the RFID tag in the manner 
described above as shown at 1 14. 



5 V. Authentication 

Once a security block that represents the message digest, or a portion of the 
message digest, from a cryptographic transformation has been stored on a tag, the tag 
may be used for authentication in the field. Authentication may be performed in 
several different manners, 'two of which are described below. The first involves 
10 following the same process used to encrypt the tag, and then comparing the result (the 
security block) with the stored security block to detmnine whether they are the same. 
If the two security blocks are the same, then the tag is authentic. If they are different, 
then the tag is not authentic. This is referred to as *Tield encryption and comparison." 

IS The second authentication process described below involves essentially the 

reverse. That is, the authentication process begins by obtaining the stored security 
block from the memory of the tag, performing an encryption transformation in reverse 
using the private data set and, if needed, the public data set, to obtain a tag address. 
The tag address is then compared with the stored tag address. If the two tag addresses 

20 are the same, then the tag is authentic. If they are different, then the tag is not 

authentic. This is refwed to as "Afield decryption and comparison." In order to use this 
second authentication process, the security block should comprise the entire message 



25 These authentication processes are described in further detail with reference to 

Figures 2 and 3. 

A- Field Encrvption and Comparison 

Figure 2 illustrates the field encryption and comparison process steps used to 
30 determine whether a certain tag is authentic. The user in the field follows the same 
method as shown in Figure 1, and then compares the resulting value with the stored 
security block to determine whether the tag is authentic. 
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In the embodiment shown in Figure 2, steps 200 through 212 are the same as 
their counterparts in Figure 1 . That is, the tag address is obtained 200; the tag address 
202, the private data set 206, and optionally the public data set 204 are provided to the 
cryptographic transftwmation algorithm 208 that provides a message digest 210, from 

5 which a security block is created 212. To authenticate the tag by comparison, the RFID 
reader obtains the stored security block from the tag, as shown at 214, and compares 
the results (shown as 216) of the security block 212 with the stored security blodc 
obtained from the tag at 214. If the two security blocks are the same, then the tag is 
authentic. If the two messages do not match, then the user could conclude that the item 

10 is not authentic, and take any appropriate action. Such action could, for example, 
include terminating processing of the item to which the tag was affixed. 

B Field Deca-vDtion and Comparison 

Figure 3 illustrates the field decryption and comparison process steps used to 
1 5 determine \»*ethw a certain tag is authentic. As shown in Figure 3, the security block 
(which in this embodiment should be identical to the message digest) is obtained from 
the tag 300; the security block 302, the private data set 306, and optionally the public 
data set 304 are provided to the cryptographic transformation algorithm 308 that 
provides the tag address 3 10. The RFID reader then obtains the stored tag address from 
20 the tag 3 12, and compares the results (shown as 3 14) of the tag address 3 10 with the 
stored tag address at 3 12. If the two tag addresses are the same, then the tag is 
authoitic. If the two tag addresses are not the same, the tag is not authentic. The 
oyptogr^hic transformation can be a rev^sible block dpher, stream cipher, or other 
suitable process. 

25 

The cryptographic transformation 308 could be the inverse of the cryptogFq)hic 
transformation used to create the security block stored on the RFID tag. In one 
embodiment, the cryptographic transformation could be a block cipher such as DES 
running in encrypt mode (to encrypt the security block) and decrypt mode (to field 
30 deoypt the security block), where the key to the block cipher would be a fimction of 
the public and private data sets. For example, the data s^(s) could be passed through a 
cryptogn^hic hash fimction to produce a 160-bit message digest and a pr^etermined 
subset of these bits would be selected to create the 56-bit key for the DES block dpher. 
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For block ciphers like RC5 that accept long keys, the key could be a concatenation or 
other predetermined arrangement of the bits that make up the data set(s). 

VT Variations of the Inv entive Process 
5 It will be appreciated that ceitiun steps shown in Figures 1, 2, and 3 can be done 

in an order dififerent than that shown in the respective illustrations. For example, in 
Figure 2 the step 214 of obtaining the stored security block from the tag could take 
place at an earlier stage in the process, perhaps even as the first step in the process. 
Similarly, in Figure 3 the Step 3 12 of obtaining the stored tag address from the tag 
10 could take place at an eariier stage in the process. Also, although the tag address, the 
public data set, and the private data set are shown as independent inputs into the 
cryptographic transformation algorithm, they can as described above be concatenated, 
interleaved, or otherwise grouped prior to being input to the cryptographic 
transformation algorithm. 

15 

In other embodiments the role of the tag address and security block can be 
reversed. This reversal can be usefril when the tag address and security block are stored 
such that one is more difficult to change than the other. If the tag manufacturer writes 
the tag address and the application vendor writes the security block, then reversing the 
20 roles of the tag address and security block may be useful in some circumstances. 

The present invention is described in even greater detail in regard to the 
following Example. 

25 EXAMPLE 

This Example is a representation of an arbitrary tag address, public data set, and 
private data set that could be used in conjunction with the method of the present 
invention. A tag address, expressed in hexadecimal, could be 0x12345678. This 
address would be concatenated with an ASCII-string public data set "Copyright (c) 

30 2000, 3M IPC. All Rights Reserved'', which in hexadecimal notation is "0x43 0x6f 
0x70 0x79 0x72 0x69 0x67 0x68 0x74 0x20 0x28 0x63 0x29 0x20 0x32 0x30 0x30 
0x30 0x2c 0x20 0x33 0x4d 0x20 0x49 0x50 0x43 0x2e 0x20 0x41 0x6c 0x6c 0x20 
0x52 0x69 0x67 0x68 0x74 0x73 0x20 0x52 0x65 0x73 0x65 0x72 0x76 0x65 0x64". 



« 
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This concatenated data would further be concatenated with a hexadecimal private data 
set "OxeO 0x34 0xc7 Ox£D 0x£9 Oxf7 0x37 0x26 0x£6 0x19 0x53 0x15 0x11 0x64 Oxe5 
0x30 0x45 0x4b 0xe3 Oxbf 0x6a Oxca Oxdc 0x6e Oxbe 0xb4 0x84 Oxe3 Oxbl 0x2d 0x77 
0x3 S**, which could be generated by compute- using a pseudo-random numb^ 
5 generator. The fiili concatenated string would be processed using the SHAl 
cryptographic hash algorithm, and the resulting message digest, expressed in 
hexadecimal, would be 0x3385275891ceb2e69cdo4a56031276413d6d702d. From that 
one could select the low-order nibble (4 bits) of each of the first eight (8) bytes of the 
message digest (shown as the underlined characters in the preceding message digest) 
10 which would then be concatenated to provide a security block, expressed in 

hexadecimal, of Ox35781e26 that could be stored on an RFID tag by an RFID writer. 
The tag could then be authenticated by using the field encryption and comparison 
process described above to determine whether the tag was authentic. 

15 The authentication method described herein finds particularly useful application 

in the authentication of RFID tags used with libraiy materials such as books. A 
portable (handheld, for example) RFID interrogator may be used to interrogate the 
RFID tags and, if the tags are authentic, to obtain other information fiom the RFID tag 
that is useful to library staff members. Stationary RFID interrogators such as patron 

20 self-service devices, stafif work stations, and stations at which library materials having 
only optical bar codes are converted to have RFID tags, may also use the authentication 
method of the present invention. 

Althou^ most of the foregoing disclosure has been in the specific context of 
25 the authentication of RFID tags by an RFID reader through the use of c^tain 

encryption (and in some cases decryption) techniques^ variations of the methods 
described are also within the scope of the invention. For example, tags, readers^ and 
writers that operate at fi-equencies other than radio firequencies may be used in place of 
those described. With suitable modifications, the present invention may be adapted for 
30 use with bar codes (including two-dimensional bar codes), wherein a bar code address 
would be substituted for an RFID tag address^ and the like. 
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We claim: 

1 . A method of providing an RFID tag with a security block, comprising 
the steps of: 

S (a) obtaining the tag address; 

(b) performing a cryptographic transformation on at least the tag address 

and a private data set to provide a security block; and 

(c) storing the security block on the tag. 

1 0 2. The method of claim 1 , wherein the tag includes a permanent tag 

memory and a variable tag memory. 

3. The method of claim 2, wherein the tag address is stored in the 
permanent tag memory. 

IS 

4. The method of claim 2, wherein at least part of the tag address is stored 
in the variable tag memory. 

5. The method of claim 2, wherein step (c) comprises storing the security 
20 block in the variable tag memory. 

6. The method of claim 5, further comprising the step of: 

(d) locking at least the portion of the variable tag memory in which the 
25 security block is stored to prevent inadvertent modification of the security 

block. 

7. The method of claim 2, wherein step (c) comprises storing the security 
block in the permanent tag memory. 
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8. The method of any one of claims 1 through 7, wherein the cryptographic 
transformation includes the use of a cryptographic hash algorithm. 
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9. The method of any one of claims 1 through 7, v^erein the cryptographic 
transformation includes the use of a block or stream cipher. 

10. The method of any one of claims 1 through 7, wherein step (b) 
comprises cryptographically transforming at least the tag address and the private data 
set to provide a message digest, and designating at least a portion of the message digest 
as the security block. 

1 1. The method' of claim 10, wherein the cryptographic transformation 
includes the use of a cryptographic hash algorithm. 

12. The method of any one of claims 1 through 7, wherein step (b) 
comprises cryptographically transforming the tag address, the private data set, and a 
public data set. 

13. The method of claim 12, wherein step (b) comprises cryptographically 
transforming the tag address, the private data set, and a public data set to provide a 
message digest, and designating at least a portion of the mrasage digest as the security 
block. 

14. The method of claim 1 1, wherein step (b) further comprises 
cryptographically transforming the tag address, the private data set, and a public data 
set. 

15. The method of claim 12, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved'*. 

16. The method of claim 13, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved". 

17. The method of claim 14, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved**. 
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18. The method of claim 12, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

19. The method of claim 13, wherein the public data set is protectable by 
S copyright, trade secret, trademark, or service mark law. 

20. The method of chum 14, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

10 21. A method of authenticating an RFID tag having a stored tag address that 

identifies the tag and a stored security block derived at least in part firom that tag 
address, comprising the steps of: 

(a) obtaining the tag address; 

(b) performing a cryptographic transformation on at least the tag address 
15 and a private data set to provide a security block; and 

(c) coniparing the security block of step (b) with the security block stored 
on the tag to determine whether the two security blocks are the same. 

22. The method of claim 2 1 , wherein the tag includes a permanent tag 
20 memory and a variable tag memory. 

23. The method of claim 22, wherein the tag address is stored in the 
permanent tag memory. 

25 24. The method of claim 22, wherein at least part of the tag address is stored 

in the variable tag memory. 

25. The method of claim 22, wherein the stored security block is stored in 
the variable tag memory. 
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26. The method of claim 25, wherein at least the portion of the variable tag 
memory in which the stored security block is stored is locked to prevent inadv^ent 
modification of the stored security block. 
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27. The method of claim 22, wherein the stored security block is stored in 
the permanent tag memory. 

28. The method of any one of claims 21 through 27, wherein the 
cryptographic transformation includes the use of a cryptographic hash algorithm. 

29. The method of any one of claims 21 through 27, wherein the 
caryptographic transformation includes the use of a block or stream cipher, wh^e the 
cipher is run in encryption mode. 

30. The method of any one of claims 21 through 27, wherein step (b) 
comprises cryptographically transforming at least the tag address and the private data 
set to provide a message digest, and designating at least a portion of the message digest 
as the security block. 

3 1 . The method of claim 30, wherein the cryptographic transformation 
includes the use of a ciyptographic hash algorithm. 

32. The method of any one of claims 21 through 27, wherein step (b) 
comprises ciyptographically transforming the tag address, the private data set, and a 
public data set. 

33. The method of claim 32, wherein step (b) comprises transforming the 
tag address, the private data set, and a public data set to provide a message digest, and 
selecting at least a portion of the message digest as the security block. 

34. The method of claim 31, wherein step (b) further comprises 
cryptographically transforming the tag address, the private data set, and a public data 
set. 

35. The method of claim 32, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved". 



wo 01/57807 



17 



PCT/USOO/14191 



36. The method of claim 33, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved'*. 

37. The method of claim 34, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights ResCTved". 

38. The method of claim 32, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

39. The method of claim 33, wherein the public data set is protectable by 

ft 

copyright, trade secret, trademark, or service mark law. 

40. The method of claim 34, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

41. A method of authenticating an RFID tag ha^g a stored tag address that 
identifies the tag and a stored security block derived at least in part fi'om that tag 
address, comprising the steps of: 

(a) obtaining the security block; 

(b) performing a cryptographic transformation on the security block using at 
least a private data set to provide a tag address; and 

(c) comparing the tag address of step (b) with the stored tag address to 
determine whether the two tag addresses are the same. 

42. The method of claim 41, wherein the tag includes a permanent tag 
memory and a variable tag memory. 

43. The method of claim 42, wherein the stored tag address is stored in the 
permanent tag memory. 

44. The method of claim 42, wherein at least part of the stored tag address is 
stored in the variable tag memory. 
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45. The method of claim 42, wherein the stored security block is stored in 
the variable tag memory. 

46. The method of claim 4S, wherein at least the portion of the variable tag 
memory in which the stored security block is stored is locked to prevent inadvertent 
modification of the security block. 

47. The method of claim 42, wherein the stored security block is stored in 
the permanent tag memory. 

48. The method of any one of claims 41 through 47, v^erein the 
cryptographic transformation includes the use of a block or stream cipher, where the 
cipher is run in deoyption mode. 

49. The method of any one of claims 4 1 through 47, wherein step (b) 
comprises cryptographically transforming the security block, the private data set, and a 
public data set to provide the tag address. 

50. The method of claim 49, \^erein the cryptographic transformation 
includes the use of a block or stream cipher, where the cipher is run in decryption 
mode. 

51 . The method of claim 49, wherein the public data set is "'Copyright (c) 
2000, 3M IPC. AU Rights Reserved**. 

52. The method of claim 50, wherein the public data set is ""Copyright (c) 
2000, 3M IPC. All Rights Reserved". 

53. The method of claim 49, wherein the public data set is protectable by 
cop3aight, trade secret, trademark, or service mark law. 
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54. The method of claim SO, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 
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55. A method of providing an RFID tag having a stored tag address that 
identifies the tag and a stored security block derived at least in part firom that tag 
address, and of authenticating the tag, comprising the steps of: 

(a) providing the stored security block by 

(i) obtaining the tag address; 

(ii) poftrming a cryptographic transformation on at least the tag 
address and a private data set to provide a security block; and 

(iii) storing the security block on the tag; and 

(b) authenticating the tag by 

(i) obtaining the tag address; 

(ii) performing a cryptographic transformation on at least the tag 
address and the private data set to provide a security block; and 

(iii) comparing the security block of step (b)(ii) with the stored 
security block to determine whether the two security blocks are 
the same. 



20 



56. The method of claim 55, wherein the tag includes a permanent tag 
memory and a variable tag memory. 
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57. The method of claim 56, wherein the tag address is stored in the 
permanent tag memory. 



58. The method of claim 56, wherein at least part of the tag address is stored 
in the variable tag memory. 
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59. The method of claim 56, wherein step (a)(iii) comprises storing the 
security block in the variable tag memory. 
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60. The method of claim 59, wherein at least the portion of the variable tag 
memory in which the stored security block is stored is locked to prevent inadvertent 
modification of the stored security block. 

61. The method of claim S6, wherein step (a)(iii) comprises storing the 
security block in the permanent tag memory. 

62. The method of any one of claims 56 through 61, wherein the 
cryptogn4)hic transformations in steps (a) and (b) both include the use of a 
cryptographic hash algorithm. 

63. The method of any one of claims 56 through 61, wherein the 
cryptographic transformations in steps (a) and (b) both include the use of a block or 
stream cipher. 

64. The method of claim 63, wherein the cipher is run in encryption mode. 

65. The method of any one of claims 56 through 61, wherein steps (a)(ii) 
and (b)(ii) comprise cryptographically transforming at least the tag address and the 
private data set to provide a message digest, and designating at least a portion of the 
message digest as the security block. 

66. The method of claim 65, wherein the cryptographic transformations in 
steps (a) and (b) include the use of a cryptographic hash algorithm. 

67. The method of any one of claims 56 through 61, wherein steps (a)(ii) 
and (bXii) comprise cryptographically transforming the tag address, the private data set, 
and a public data set. 

68. The method of claim 67, wherein steps (a)(ii) and (b)(ii) comprise 
cryptographically transforming the tag address, the private data set, and a public data 
set to provide a message digest, and designating at least a portion of the message digest 
as the security block. 
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69. The method of claim 66, wherein steps (a) and (b) fiuther comprise 
cryptographically transforming the tag address, the private data set, and a public data 
set. 

70. The method of claim 67, wherein the public data set is ''Copyright (c) 
2000, 3M IPC. All Rights Reserved". 

71. The method of claim 68, wherein the public data set is ''Copyright (c) 
2000, 3M IPC. All Rights Reserved''. 

72. The method of claim 69, wherein the public data set is "Copyright (c) 
2000, 3M IPC. All Rights Reserved''. 

73. The method of claim 67, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

74. The method of claim 68, wherein the public data set is protectable by 
copyright, trade secret, trademark, or service mark law. 

75. The method of claim 69, wherein the public data set is protectable by 
copyright, trade secret, trademaric, or service mark law. 

76. A method of providing an RFID tag having a stored tag address that 
identifies the tag with a stored security block, where the security block is derived at 
least in part from that stored tag address, and of authenticating the tag, comprising the 
steps of: 

(a) providing the stored security block by 

(i) obtaining the tag address; 

(ii) performing a cryptographic transformation on at least the tag 
address and a private data set to provide a security block; and 

(iii) storing the security block on the tag; and 

(b) authenticating the tag by 
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(i) obtaining the stored security block; 

(ii) perfonning a cryptographic transformation on at least the stored 
security block and the private data set to obtain a tag address; 
and 

(in) comparing the tag address of step (b)(ii) with the stored tag 

address to determine whether the two tag addresses are the same. 

77. The method of claim 76, wherein the tag includes a permanem tag 
memory and a variable tag memory. 

78. The method of claim 77, wherein the tag address is stored in the 
pomanent tag memory. 

79. The method of claim 77, wherein at least part of the tag address is stored 
15 in the variable tag memory. 

80. The method of claim 77, wherein step (a)Oii) comprises storing the 
security block in the variable tag memory. 

20 81. The method of claim 80, fiirther comprising the step of: 

(a) (iv) locking at least the portion of the variable tag memory in which 

the security blodc is stored to prevem inadvertent modification of the security 
block. 

25 

82. The method of claim 77, \«^erein step (a)(iii) comprises storing the 
security block in the permanent tag memory. 

83 . The method of any one of claims 76 through 82, wherein the 

30 cryptographic transformation includes the use of a block or stream cipher that, in step 
(aXii). is nm in encryption mode and, in step (b)Cii), is run in decryption mode. 
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84. The method of any one of claims 76 through 82, wherein step (aXii) 
comprises cryptographically transforming the tag address, the private data set, and a 
public data set, and stesp Qoi)(n) comprises cryptographically transforming the security 
block, the private data set, and the public data set. 

5 

85. The method of claim 84, v^erein the public data set is ''Copyright (c) 
2000, 3M IPC. All Rights Reserved''. 

86. The method of claim 84, wherein the public data set is protectable by 
10 copyright, trade secret, trademark, or service mark law. 

87. The method of claim 1 , wherein the tag address is obtained by an RFID 
interrogation source, and the security block is stored on the tag by an RHD writer. 

15 88. The method of either of claims 21 or 41, wherein the method is 

performed by a handheld RFID reader. 

89. The method of either of claims 21 and 41, wherein the method is 
performed by a library patron self-service unit. 

20 

90. The method of either of claims 55 and 76, wherein at least step (b) is 
performed by a portable RFID reader. 

91. The method of either of claims 55 and 76, wherein at least step (b) is 
25 performed by a stationary RFID reader. 

92. An RFID tag, wherein the tag has a stored tag address and a stored 
security block that is cryptographically related to the tag address. 
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93. The RFID tag of claim 92, wherein the tag address and a private data set 
are cryptographically transformed to provide the security block. 
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94. The RFID tag of claim 92, wherein the tag address, a private data set, 
and a public data set are cryptographically transformed to provide the security block. 

95. The RFID tag of claim 92, wherein the tag includes a pmnanent tag 
memory and a variable tag memory. 

96. The RFID tag of claim 95, wherein the tag address is stored in the 
permanent tag memory. 

97. The RFID tag of claim 95, wherein at least part of the tag address is 
stored in the variable tag memory. 

98. The RFID tag of claim 95, wherein the security block is stored in the 
variable tag memory. 

99. The RFID tag of claim 95, wherein at least the portion of the variable 
tag memory in which the stored security block is stored is locked to prevent inadvertent 
modification of the stored security block. 



100. The RFID tag of claim 95, wherein the security block is stored in the 
pormanent tag memory. 



til 



wo 01/57807 PCT/US00n4191 

1/4 




100 



Obtain tag 
address 



I 



102 



Z 



104 



Z 



106 



Tag address 




Public data set 




Private data set 






> 


r 






Cryptographic Transformation Algorithm 






110 


\o8 



Message digest 



i 



z 



112 



Security block 



I 



114 



Store security 
block on tag 



wo 01/57807 



2/4 



PCTAJSOO/14191 




Obtain tag 
address 



Tag address 



200 



202 



204 



Public data set 



I 



z 



206 



Private data set 



I 



Cryptographic Transformation Algorithm 



210 



IVIessage digest 



212 



Security block 



Mg.2 



1 



214 



Obtain security 
block from tag 



I 



216 



Compare results 
of 212 and 214 



208 



wo 01/57807 PCT/USOO/14191 

3/4 



I 



300 



Obtain security 
block 



I 



302 



304 



Security block 



1 



L 

Public data set 



I 



z 



306 



Private data set 



I 



Cryptographic Transformation Algorithm 



310 



308 



Tag address 



i 



312 



Obtain stored 
tag address 



314 



Compare results 
of 310 and 312 



p 



PCTAJSOO/14191 

WO 01/57807 

4/4 




INTERNATIONAL SEARCH REPORT 



ItK jtloiMt AppUeaUon No 

PCT/US 00/14191 



A. CLASSIRCATlONCf SUBJECT MATTgl 

IPC 7 GG7C9/00 GO7F7/10 



Accordino to Intemationai Patent Classtflcafion (IPC) or to both national ciassacalion and IPC 



a FIELDS SEARCHED 



Minimum documentation searched (classification system fotlowad by dassificattan symbols) 

IPC 7 G07C G07F G06K G07D 



Documentation searched other than minimum documentation to the extent ttiat such documents are Included in the fields searched 
Electronic data tiase consulted during the international search (name of data base and, where practical, search terms used) 

EPO-Internal, WPI Data 



C DOCUMENTS CONSIDERED TO BE RELEVANT 



Categoiy' 



Citation of document with indkation. whefB appropriate, of the relevant passaoes 



Relevant to daim Na 



EP 0 758 777 A (PALOMAR TECHN CORP) 
19 February 1997 (1997-82-19) 

column 1, line 3 -column 1, line 6 
column 4. line 32 -column 7> line 34 



PR 2 697 929 A (INNOVATRON SA) 

13 May 1994 (1994-05-13) 

page 11, line 24 -page 17, line 1 



US 5 191 193 A (LE ROUX JEAN-YVES) 
2 March 1993 (1993-03-02) 
column 1, line 10 -column 1, line 22 
column 3, line 22 -column 5, line 18 



1-3.5.8. 

10-14, 

87,92-98 



6,55-57, 

63.67, 

69,99 

21-23, 
25,29,32 

26 

55-57. 
63,67,69 



-/-- 



I j^j Further documents are Dsted in the continuation of t>ox C. 



|)( I Patent family members are listed In 



** Special categories of cited documents : 

"A" documem defining the general state of the art which Is not 
oonsldared to t)e d particular relevance 

IE" earner document but putslished on or after the Internationa] 
fil^gdate 

U documem which may throw doubts on priority claim(6)or 
which is dted to establish ttie pubrtcation date of another 
dtation or other special reason (as specified) 

"O" documem refarring to an oral disclosure, use, exhibition or 
other means 

"P** document published prior to the intematlonai filing date but 
later than the priority data claimed 



T" later docun^m published afterthe intemationa] firing date 
or priority date and not in conflict with the application but 
diBd to understand the principle or iheoiy underlying the 
invention 

"X" document of parttoular relevance; the claimed invention 
cannot be considered novel or cartnot be considered to 
involve an inventive step when the documem is taken alone 

"Y" documem of particular relevance: the claimed Invention 
cannot be considered to involve an inventive step when the 
documem Is combined with one or more other such docu- 
ments, such comblnatlan being ot>vfous to a person skilled 
frithearL 

"&* documem member of the same patent faiTity 



Date of the actual completion of the international search 



15 November 2000 



Date of mailing of the international seaich report 



3 0. 11. 00 



Name and mailing address of the ISA 

European Patent Office. P.B. 5818 Patentlaan 2 
NL-2280 HV R^^)c 
Tel. (-t-ai-TO) 340-2040. Tx. 31 651 epo nl. 
Fax: (^31-70) 340-3016 



Auttiortzed officer 



Aup1ais» B 



Form PCTyiSA/210 (seoond sheet) (July 1992) 



page 1 of 2 



INTERNATIONAL SEARCH REPORT 



IntL JonalAppUeatlenNe 

PCT/US 06/14191 



C^ContinuaUon) DOCUMENTS CONSIDERED TO BE RELEVANT 
rnWiTT* I rjni>h«otifc«iiTianLv»imindkato.»rti«iBappropri^ 

FR 2 764 977 A (STELU) 
24 December 1998 (1998-12-24) 
page 1, line 1 -page 1, line 24 
page 5, line 26 -page 6, line 19 

EP 0 030 381 A (GREY LAB ESTABLISHMENT) 
17 June 1981 (1981-06-17) 
page 6, line 17 -page 12, line 25 

WO 99 65005 A (MINNESOTA MINING & MFG) 
16 December 1999 (1999-12-16) 
cited in the application 
page 2, line 2 -page 2, line 17 
page 6, line 31 -page 7. line 10 



X.P 



Relevant to daim No. 



6.26,99 



41 



1.21,41, 
55.76.92 



EP 0 982 688 A (DATAMARS SA) 
1 March 2000 (2000-03-01) 
the whole document 



1,8.92 



Form PCT/lSA/210 (continuation of second sheet) (July 1992) 



page 2 of 2 



INTERNATIONAL SEARCH REPORT 



international application isio. 
PCT/US 00/14191 



Box I Observations where certain claims were found unsearchable (Continuation of item 1 of first sheet) 



TNs international Search Report has not been estabttehed In respect of certain claims under Article I7(2)(a) tor the following reasons: 



1. nn Ciafrns Nos.: 15-20, 35-40, 51-53, 70-75. 85-86 

ULJ . ^ sutject matfer not requlFed to be searched by tnis Authonty, namely: 



because they relaia 

The additional features of these claims relate either to presentation of 
Information or method of doing business (Rule 39.1(v) PCT and Rule 39. Kill) 
PCT). 

Claims Nos.: . 
because they relate to parts of the Intemational Application that do not comply with the prescribed requirements to such 
an extent that no meaningful Intemational Search can be carried out, specfflcally: 



3. I Claims Nos.: ^ . rs ai^x 

— because they are dependent claims and are not drafted in accordance with the second and third sentences of Rule 6.4(a). 

Box II Observations where unity <»f invention is lacking (Continuation of Item 2 of first sheeQ 

This Intemational Searching Authority found multiple inventions in this intemational application, as tottows: 



1 . I I As all required additional search Ites were timely paid by the applicant, this Intemational Search Report covers all 
■ — ■ searchable claims. 



2. j~| As all searchable claims could be searched without effort Justifying an additional fee. this Authority did not Invite payment 
of any additional fee. 



3. I I As only some of ttie required additional search fees were timely paid by the applicant, 
1 — I covers only those cla^s for which fees were paid, spectficaliy claims Nos.: 



this Intemational Search Report 



4. rn No required additional search fees were timely paid by the applicant Consequentty. this intemational Search Report is 
— restricted to ttie invention first mentioned in ttie claims; it is covered by claims Nos.: 



Remarfc on Protest 



[ I The addftional search fees were accompanied by ttie applicanTs protest 
I I No protest accompanied the payment of additional search fees. 



Form PCT/ISA/210 (continuation of first sheet (1)) (July 1998) 



INTERNATIONAL SEARCH REPORT 

Information on potant family mamlMra 



Patent document 
cited in search report 

EP 0758777 



FR 2697929 



US 5191193 



FR 2764977 



EP 0030381 



WO 9965006 
EP 0982688 



Publication 
dais 

19-02-1997 



13-05-1994 
02-03-1993 



24-12-1998 



17-06-1981 



16-12-1999 



01-03-2000 



lnt«i . ^onal Appllcatian No 

PCT/US 00/14191 



Patent tamiiy 
inemt)er(s) 



US 
CA 



5832090 A 
2182464 A 



NONE 



CN 
EP 
UO 



AU 



FR 2653248 A 

CA 2027344 A.C 

DE 69014817 D 

DE 69014817 T 

EP 0423035 A 

ES 2066169 T 

JP 1884135 C 

OP 3241463 A 

OP 6009051 B 

KR 147360 B 



1260872 T 
0988511 A 
9858238 A 



DE 2949351 A 

AT 13781 T 

DE 3070759 D 

JP 57074772 A 



Publication 
date 

03-11-1998 
11-02-1997 



1378399 A 



EP 0982687 A 



19-04- 
14-04- 
19-01- 
22-06- 
17-04- 

01- 03- 
10-11- 
28-10- 

02- 02- 
01-12- 



1991 
1991 
1995 
•1995 
1991 
■1995 
■1994 
-1991 
-1994 
-1998 



19-07-2000 
29-03-2000 
23-12-1998 



11-06-1981 
15-06-1985 
18-07-1985 
11-05-1982 



30-12-1999 



01-03-2000 



Forni FCT/lSA/210 (p»t«K fmOf ammx) (July 1988) 



